Version: Next

Introduction

Objective

Welcome to the documentation section dedicated to CrowdSec's CTI API. The data you access via this API is fed chiefly by CrowdSec instances worldwide.

Datasets

CrowdSec's CTI API presents two primary datasets:

  • The fire dataset reflects the content of the community blocklist, with more context.
  • The smoke dataset reflects most of the IPs reported by CrowdSec users.

Note: The ratio of fire to smoke is around 1% at the time of writing.

CTI Information

When querying the CTI API about a given IP, you will get to know more about:

  • What it does: observed behaviors, targeted protocols, exploited vulnerabilities, etc.
  • Which categories it belongs to: proxy/VPN, CDN exit node, legitimate security scanner, etc.
  • What it targets: Countries, services, etc.
  • Existing cross-references: Existing lists, etc.
  • How virulent it is
  • For how long it has been reported by users
  • The confidence level of the information
  • And so on

How to access it

See the getting started section to learn how to get your API key and start exploring data. The console can also show a lighter version of the CTI API data.